As of HDP 3.0, topology files are dynamically generated from combinations of Provider
Configurations and Descriptors, defined using the Knox Admin UI. Additionally, these provider
configurations and descriptors are now shared- you no longer have to specify configurations (e.g.
authentication provider, identity assertion provider, or authorization provider) for each
topology file- you define a Provider Configuration or Descriptor and they are shared across all
topologies you choose. The Admin UI consists of 3 sections:

Provider Configurations: A named set of providers, e.g., authentication, federation,
authentication, authorization, identity assertion, etc. Provider configurations can be
shared across descriptors/topologies.

Descriptors: References the Provider Configurations to declare the policy (authentication,
authorization, identity assertion, etc) that goes along with proxying that cluster. Descriptors
cannot be shared across topologies; Descriptors and topologies are 1-to-1.

Topologies: Dynamically generated based on the Provider Configurations and Descriptors you
define.

However- the same topologies that were manageable in Ambari previously, still are. Within the
Knox Admin UI, the topologies that are managed by Ambari should be read-only. Within an Ambari
managed cluster, the Knox Admin UI is to be used for creating additional topologies. When a Knox
instance is not managed by Ambari, all topology management will be done via the Knox Admin
UI.